From fd22ed0fa967cd2b18196526d3492922e89bd5bd Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 26 Jul 2015 14:03:39 +0200 Subject: 1 tv wu: systemPackages += ff --- 1systems/tv/wu.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to '1systems/tv/wu.nix') diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix index 3726463..f542581 100644 --- a/1systems/tv/wu.nix +++ b/1systems/tv/wu.nix @@ -29,6 +29,12 @@ in Zpkgs.genid Zpkgs.hashPassword Zpkgs.lentil + (pkgs.writeScriptBin "ff" '' + #! ${pkgs.bash}/bin/bash + exec sudo -u ff -i < Date: Sun, 26 Jul 2015 14:17:39 +0200 Subject: 1 tv wu: systemPackages += im -= weechat --- 1systems/tv/wu.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to '1systems/tv/wu.nix') diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix index f542581..192b65b 100644 --- a/1systems/tv/wu.nix +++ b/1systems/tv/wu.nix @@ -35,6 +35,19 @@ in exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@") EOF '') + (pkgs.writeScriptBin "im" '' + #! ${pkgs.bash}/bin/bash + export PATH=${makeSearchPath "bin" (with pkgs; [ + tmux + gnugrep + weechat + ])} + if tmux list-sessions -F\#S | grep -q '^im''$'; then + exec tmux attach -t im + else + exec tmux new -s im weechat + fi + '') # root cryptsetup @@ -62,7 +75,6 @@ in sxiv texLive tmux - weechat zathura Zpkgs.dic -- cgit v1.2.3 From 42a5ff95e5cbcbe54ed497af7c174fe0809096f1 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 27 Jul 2015 00:49:06 +0200 Subject: 1 tv wu: simplify users --- 1systems/tv/wu.nix | 76 +++++++----------------------------------------------- 1 file changed, 10 insertions(+), 66 deletions(-) (limited to '1systems/tv/wu.nix') diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix index 192b65b..9228e65 100644 --- a/1systems/tv/wu.nix +++ b/1systems/tv/wu.nix @@ -169,19 +169,21 @@ in } { users.extraGroups = { - tv-sub.gid = 1337; + tv.gid = 1337; + slaves.gid = 3799582008; # genid slaves }; users.extraUsers = - mapAttrs (name: user: user // { + mapAttrs (name: user@{ extraGroups ? [], ... }: user // { inherit name; home = "/home/${name}"; createHome = true; useDefaultShell = true; + group = "tv"; + extraGroups = ["slaves"] ++ extraGroups; }) { ff = { uid = 13378001; - group = "tv-sub"; extraGroups = [ "audio" "video" @@ -190,17 +192,6 @@ in cr = { uid = 13378002; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - vimb = { - uid = 13378003; - group = "tv-sub"; extraGroups = [ "audio" "video" @@ -210,47 +201,38 @@ in fa = { uid = 2300001; - group = "tv-sub"; }; rl = { uid = 2300002; - group = "tv-sub"; }; tief = { uid = 2300702; - group = "tv-sub"; }; btc-bitcoind = { uid = 2301001; - group = "tv-sub"; }; btc-electrum = { uid = 2301002; - group = "tv-sub"; }; ltc-litecoind = { uid = 2301101; - group = "tv-sub"; }; eth = { uid = 2302001; - group = "tv-sub"; }; emse-hsdb = { uid = 4200101; - group = "tv-sub"; }; wine = { uid = 13370400; - group = "tv-sub"; extraGroups = [ "audio" "video" @@ -258,21 +240,8 @@ in ]; }; - # dwarffortress df = { uid = 13370401; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - # XXX visudo: Warning: Runas_Alias `FTL' referenced but not defined - FTL = { - uid = 13370402; - #group = "tv-sub"; extraGroups = [ "audio" "video" @@ -280,14 +249,8 @@ in ]; }; - freeciv = { - uid = 13370403; - group = "tv-sub"; - }; - xr = { uid = 13370061; - group = "tv-sub"; extraGroups = [ "audio" "video" @@ -296,26 +259,14 @@ in "23" = { uid = 13370023; - group = "tv-sub"; }; electrum = { uid = 13370102; - group = "tv-sub"; - }; - - Reaktor = { - uid = 4230010; - group = "tv-sub"; - }; - - gitolite = { - uid = 7700; }; skype = { uid = 6660001; - group = "tv-sub"; extraGroups = [ "audio" ]; @@ -323,12 +274,10 @@ in onion = { uid = 6660010; - group = "tv-sub"; }; zalora = { uid = 1000301; - group = "tv-sub"; extraGroups = [ "audio" # TODO remove vboxusers when hardening is active @@ -340,17 +289,12 @@ in security.sudo.extraConfig = let - inherit (import ../../4lib/tv { inherit lib pkgs; }) - isSuffixOf; - - hasMaster = { group ? "", ... }: - isSuffixOf "-sub" group; - - masterOf = user : removeSuffix "-sub" user.group; + isSlave = u: elem "slaves" u.extraGroups; + masterOf = u: u.group; + slaves = filterAttrs (_: isSlave) config.users.extraUsers; + toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL"; in - concatStringsSep "\n" - (map (u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL") - (filter hasMaster (attrValues config.users.extraUsers))); + concatMapStringsSep "\n" toSudoers (attrValues slaves); } ]; -- cgit v1.2.3 From 869eeb1dc1d3bfeddf67f882e0853b15e63dceb3 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 27 Jul 2015 02:02:34 +0200 Subject: * tv -> tv * --- 1systems/tv/wu.nix | 393 ----------------------------------------------------- 1 file changed, 393 deletions(-) delete mode 100644 1systems/tv/wu.nix (limited to '1systems/tv/wu.nix') diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix deleted file mode 100644 index 9228e65..0000000 --- a/1systems/tv/wu.nix +++ /dev/null @@ -1,393 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - Zpkgs = import ../../Zpkgs/tv { inherit pkgs; }; -in - -{ - krebs.build.host = config.krebs.hosts.wu; - - imports = [ - ../../2configs/tv/w110er.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-client.nix - ../../2configs/tv/exim-retiolum.nix - ../../2configs/tv/git.nix - ../../2configs/tv/mail-client.nix - ../../2configs/tv/xserver.nix - ../../2configs/tv/synaptics.nix # TODO w110er if xserver is enabled - ../../2configs/tv/urlwatch.nix - { - environment.systemPackages = with pkgs; [ - - # stockholm - git - gnumake - parallel - Zpkgs.genid - Zpkgs.hashPassword - Zpkgs.lentil - (pkgs.writeScriptBin "ff" '' - #! ${pkgs.bash}/bin/bash - exec sudo -u ff -i <